[Samba] Combining "--complexity=off" and "check password script"
Brian Candler
b.candler at pobox.com
Thu Dec 14 11:13:04 UTC 2017
I would like to understand how the "check password script" interacts
with enabling/disabling password complexity checks.
That is: if I configure
    check password script = /usr/local/samba/sbin/crackcheck -d /var/cache/cracklib/cracklib_dict
is this called *in addition* to the default complexity checking, or
instead of it? And if I set
    samba-tool domain passwordsettings set --complexity=off
with a check password script configured, does this setting disable the
check password script as well, or just the built-in complexity checking?
What I am actually trying to achieve is:
- DISABLE the requirement for complex character sets in passwords, but
- ENABLE a dictionary check
following the NCSC password guidance:
https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach
But looking at the samba4 source, I suspect that setting complexity=off
disables both checks. Is that correct?
Thanks,
Brian.
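
Added example, not part of the original post and not Samba's own crackcheck: a dictionary-only checker of the kind described above, with no character-set requirement. It assumes the contract documented in smb.conf(5) for "check password script" (password on stdin, exit status 0 to accept); the word list, MIN_LENGTH and all function names are hypothetical. It does not settle whether Samba still invokes the script when complexity is off.

```python
#!/usr/bin/env python3
"""Dictionary-only password check for use as a 'check password script'."""
import sys

# Constructed sample list; a real deployment would load a site word list.
SAMPLE_WORDS = {"password", "letmein", "qwerty", "welcome", "samba", "dragon"}
MIN_LENGTH = 10  # assumed site policy: length matters, character classes do not

# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans("0134578@$!", "oleastbasi")
PADDING = "0123456789!@#$%^&*._-"


def normalised_forms(password):
    """Return the variants of a password that are looked up in the word list."""
    low = password.lower()
    stripped = low.strip(PADDING)  # "welcome2017" -> "welcome"
    return {low, stripped, low.translate(LEET), stripped.translate(LEET)}


def check_password(password, words=SAMPLE_WORDS, min_length=MIN_LENGTH):
    """Return None if acceptable, otherwise a short rejection reason."""
    if len(password) < min_length:
        return "too short"
    if normalised_forms(password) & set(words):
        return "dictionary word"
    return None


def main():
    # The candidate password arrives on stdin; never log or echo it.
    password = sys.stdin.readline().rstrip("\n")
    reason = check_password(password)
    if reason is not None:
        print("password rejected: " + reason, file=sys.stderr)
        return 1  # any non-zero status rejects the password
    return 0


if __name__ == "__main__":
    sys.exit(main())
```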